• Home
  • HCL AppScan vs. OWASP Zap

HCL AppScan vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
HCLTech Logo
HCL AppScan
Read 41 HCL AppScan reviews
5,494 views|4,218 comparisons
82% willing to recommend
OWASP Logo
OWASP Zap
Read 37 OWASP Zap reviews
20,743 views|9,835 comparisons
87% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
HCL AppScan vs. OWASP Zap
May 2024
Executive Summary

We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. OWASP Zap Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched OWASP Zap but chose HCL AppScan: Improves application security, identifies gaps, and performs well
FA9
Offers automated scanning feature and spidering capabilities have improved our security testing
We integrate OWASP Zap into our other software development lifecycle processes for security. I use OWASP Zap for vulnerability scanning. After... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of the solution is Postman.""The solution is easy to use.""The product has valuable features for static and dynamic testing.""It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply.""Technical support is helpful.""The most valuable feature of HCL AppScan is scanning QR codes.""It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings.""The UI was very intuitive."

More HCL AppScan Pros →

"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.""The product helps users to scan and fix vulnerabilities in the pipeline.""The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information.""The product discovers more vulnerabilities compared to other tools.""The application scanning feature is the most valuable feature.""The solution is scalable.""The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool.""The ZAP scan and code crawler are valuable features."

More OWASP Zap Pros →

Cons
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed.""I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources.""It has crashed at times.""AppScan is too complicated and should be made more user-friendly.""There is not a central management for static and dynamic.""The solution's scalability can be a matter of concern because one license runs on one machine only.""Improvement can be done as per customer requirements.""IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."

More HCL AppScan Cons →

"There's very little documentation that comes with OWASP Zap.""Zap could improve by providing better reports for security and recommendations for the vulnerabilities.""Lacks resources where users can internally access a learning module from the tool.""The documentation is lacking and out-of-date, it really needs more love.""It doesn't run on absolutely every operating system.""The documentation needs to be improved because I had to learn everything from watching YouTube videos.""Sometimes, we get some false positives.""It would be a great improvement if they could include a marketplace to add extra features to the tool."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

    • More HCL AppScan Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."

    • More OWASP Zap Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about HCL AppScan?
    Top Answer:The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
    Read all 18 answers   →
    What needs improvement with HCL AppScan?
    Top Answer:Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its… more »
    Read all 21 answers   →
    What is your primary use case for HCL AppScan?
    Top Answer:I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for… more »
    Read all 19 answers   →
    Is OWASP Zap better than PortSwigger Burp Suite Pro?
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Read all 3 answers   →
    What do you like most about OWASP Zap?
    Top Answer:The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's… more »
    Read all 28 answers   →
    What is your experience regarding pricing and costs for OWASP Zap?
    Top Answer:The tool is open source.
    Read all 16 answers   →
    Ranking
    12th
    out of 71 in Static Application Security Testing (SAST)
    Views
    5,494
    Comparisons
    4,218
    Reviews
    16
    Average Words per Review
    346
    Rating
    7.2
    7th
    out of 71 in Static Application Security Testing (SAST)
    Views
    20,743
    Comparisons
    9,835
    Reviews
    12
    Average Words per Review
    392
    Rating
    7.6
    Comparisons
    SonarQube logo
    SonarQube vs. HCL AppScan
    Compared 16% of the time.
    Veracode logo
    Veracode vs. HCL AppScan
    Compared 12% of the time.
    Acunetix logo
    Acunetix vs. HCL AppScan
    Compared 11% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. HCL AppScan
    Compared 7% of the time.
    More HCL AppScan Competitors   →
    SonarQube logo
    SonarQube vs. OWASP Zap
    Compared 21% of the time.
    Acunetix logo
    Acunetix vs. OWASP Zap
    Compared 13% of the time.
    Veracode logo
    Veracode vs. OWASP Zap
    Compared 9% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. OWASP Zap
    Compared 4% of the time.
    More OWASP Zap Competitors   →
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Learn More
    HCLTech
    OWASP
    Overview

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Government15%
    Transportation Company15%
    Manufacturing Company10%
    Insurance Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm14%
    Government10%
    Manufacturing Company9%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise13%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise12%
    Large Enterprise72%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    HCL AppScan vs. OWASP Zap
    May 2024
    Free Report: HCL AppScan vs. OWASP Zap
    Find out what your peers are saying about HCL AppScan vs. OWASP Zap and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    HCL AppScan is ranked 12th in Static Application Security Testing (SAST) with 41 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. HCL AppScan is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify on Demand, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify on Demand. See our HCL AppScan vs. OWASP Zap report.

    See our list of best Static Application Security Testing (SAST) vendors.

    We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.